Malware found in firewall.php

  • Resolved Hannes

    (@wobler)


    7 years, 8 months ago

    Hi,
    today I got the message, that malware might be found in …/wp-content/Plugins/ninjafirewall/lib/Firewall.php.

    The actual version is Ninjafirewall WP-Edition 3.6.6 under WordPress 4.9.7. The infected? firewall.php has a length of 21,5 kB and was modified the last at 03.06.2018. The providers scan from today says, the file length is 52kB. The used scanner is Revisum Antivirus.

    Now i wonder what to do. Should i run the file like it is, or should I use the clean up tool of my provider (that might make Ninjafirewall unusable)

    Thanks Hannes

Viewing 2 replies - 1 through 2 (of 2 total)
  • Plugin Author nintechnet

    (@nintechnet)

    7 years, 8 months ago

    Hi,

    It looks like a false positive. It is common that antivirus return warnings when they are used to scan another security application.

    The firewall.php script is indeed 52kb (53,394 bytes exactly).

    Install our antivirus NinjaScanner: https://wordpress.org/plugins/ninjascanner/
    Run a scan and it will check the files to make sure they match the original ones.

    idonteatmeat

    (@idonteatmeat)

    7 years, 8 months ago

    I can confirm that’s indeed a false positive. I had the same case with Revisum Antivirus. I checked firewall.php against a fresh one from the repository and they completely match line by line as well as in file size.

Viewing 2 replies - 1 through 2 (of 2 total)

The topic ‘Malware found in firewall.php’ is closed to new replies.